Service management & processes

Service standards are shaping our experiences

Discover how standards support the effective provision of services

Article

Data privacy by design: Ensure consumer protection in the digital economy with BS ISO 31700-1

Consumer trust and how well individual privacy needs are met, are defining concerns for the digital economy. BS ISO 31700-1 is a new international standard that aims to tackle this issue, by supporting organizations to take a privacy by design approach. Privacy by design is an approach that considers the privacy of a consumer throughout the design, development, and operations for a product. It requires businesses to consider privacy throughout the entire lifecycle of their products - from before they are placed on the market, through to their purchase and use by consumers, and finally when in the end-of-life phase. Following this structure means that from its outset, you are building the capability for your product processes and their default consumer-oriented privacy controls that provide appropriate levels of privacy. BS ISO 31700-1 Consumer protection — Privacy by design for consumer goods and services: Part 1: High level requirements should be adopted by organizations who wish to take this approach in the design, development, manufacture, marketing, distribution, maintenance, and disposal of their consumer products. It focuses on ensuring the privacy of consumers’ personal information inherent in product design and that is collected as part of the sale and support of consumer products – covering both physical goods and digital services. Implementing the standard will help companies comply with data protection regulations and avoid potentially devastating data breaches that erode consumers’ confidence in the digital world. To learn more about how our standards can support your data protection and privacy processes, visit our Digital Trust Topic Page. The importance of protecting your consumers’ data In today’s digital world of shared platforms, interconnected devices, cloud applications, and personalization, it is increasingly important for businesses to focus on the consumer perspective when implementing robust privacy processes. This includes how their digital goods and services process their consumers’ personally identifiable information (PII) and other data. When PII has been compromised because of outdated, or non-existent privacy practices, the consequences for the individual can be severe. In the UK, the average cost of a data breach has grown to nearly £2.7 million, according to IBM research. In addition, there can be damage to consumer trust of the digital product and potentially legal or reputational impact to the business. As a result, there is growing demand for businesses to think beyond the existing traditional view of data security as yet another cost, and instead, embrace next-generation privacy approaches. Understand the benefits of BS ISO 31700-1’s privacy by design approach BS ISO 31700-1 helps organizations implement systematic management of privacy due diligence with respect to consumer products, as well as provide greater transparency and accountability in the design and operation of software systems that process PII. It will be especially useful to those providing digitally connected consumer products, such as home appliances and wearable devices, mobile application developers, online service providers, and more. Further benefits to businesses of using BS ISO 31700-1 include: It promotes wider adoption of privacy best practices across all industries It gives consumers greater confidence in their purchases, by allowing them to take back control over the use of their data It can facilitate access to international markets and boost competitiveness It can help minimize the risk of costly data breaches from occurring and subsequent reputational damage It helps to prioritize the consumer from the outset of product design, reducing the need to ‘retro-fit’ future products to ensure they meet privacy expectations Discover our other key consumer protection standards As the competition in the consumer goods and services market continues to grow exponentially, businesses are now recognizing that they need to demonstrate their commitment to protecting their consumers in a way they didn’t before. PD ISO TR 31700-2:2023 Privacy by design for consumer goods and services — Use cases isa technical report that provides suggestions on how to use BS ISO 31700-1 as well as use cases illustrating the application of this standard in real world scenarios. It aims to help those implementing BS ISO 31700-1 such as engineers and practitioners who are involved in the development, implementation or operation of digitally enabled consumer goods and services. BS ISO 22458 Consumer vulnerability. Requirements and guidelines for the design and delivery of inclusive service is another international standard that aims to help organizations prioritize the needs of their consumers. It specifies requirements on how to design and deliver fair, flexible, and inclusive services that will increase positive outcomes for consumers and minimize the risk of harm. It supports businesses to identify, understand and support vulnerable customers, making it easier for their customers to make smart and informed choices. In turn, this can lead to better outcomes for consumers and increased customer satisfaction. When using BS ISO 31700-1 and BS ISO 22458 together, businesses can strongly demonstrate that they are actively working to protect their consumers, both in the design of their products and services. To learn more about BS ISO 22458 and its benefits read our article, ‘Is your business doing all it can to support vulnerable consumers?’. As well as consumer protection standards, we have a huge collection of data privacy standards to ensure your business is following data safeguarding best practice procedures. These include: BS EN ISO/IEC 27701 Information security, cybersecurity and privacy protection. Privacy information management systems. Requirements and guidance BS EN ISO/IEC 29100 Information technology. Security techniques. Privacy framework BS 10012 Data protection. Specification for a personal information management system BS EN ISO/IEC 27018 Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors BS ISO/IEC 27555 Information security, cybersecurity and privacy protection. Guidelines on personally identifiable information deletion Reap the benefits of taking the data privacy by design approach by adopting BS ISO 31700-1 today. Discover BSI Knowledge Protecting your consumers data can be complex but accessing and managing your standards doesn't have to be. With a BSI Knowledge subscription, you will have the flexibility and visibility to manage the key standards you need to protect your consumers’ privacy with confidence - all in one place. Request to learn more.